Commit Graph

13595 Commits (7d623f0854d01b5c1c9f83d7d9eccede086f963c)
Author SHA1 Message Date
Victor Julien 4a283d480d eve/tls: implement client cert logging
Enable client logging in extended mode.

Add "client", "client_certificate" and "client_chain", where the latter two
depend on "client".
2 years ago
Victor Julien e817a8f968 tls: parse client certificates
Parse client certificates and store them in the state similar to how
this is done for server certificates.

Update "progress" handling to not consider the TLS handshake complete
if the server indicated a client cert was needed.
2 years ago
Victor Julien 10f5e6cb66 tls: prepare for client cert parsing 2 years ago
Victor Julien 6d4cc39c02 eve/tls: prepare for client cert logging
Code cleanups that work on per direction "connp" instead of hard coding
to the server side.
2 years ago
Victor Julien 14b2e04b58 tls: make cert handling more generic
In preparation for client cert handling.
2 years ago
Victor Julien cf4c201acb tls: avoid tls.invalid_handshake_message FP
Don't set TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE event on encrypted
handshake messages.
2 years ago
Victor Julien e9d63f3355 tls: don't set 2 events for a single exception
Keep the more specific ones.
2 years ago
Victor Julien 214e466b29 tls: remove incomplete tests
These tests are incompatible with the incomplete API usage and should
have been pcap based tests in the first place.
2 years ago
Victor Julien 82e03bd8fc tls: set event if record size exceeds limit 2 years ago
Victor Julien e857c864ca tls: support server hello done message 2 years ago
Victor Julien 4bab6e24e5 tls: support handshake fragmentation
Implement TLS record defrag for handshake messages.

Ticket: #5183.
2 years ago
Victor Julien bcaf0f6f7d tls: remove certificate buffering code
TCP Buffering is now done in the app-layer using the incomplete API, on
the SSL/TLS record level. TLS level fragmentation will be implemented
separately.
2 years ago
Victor Julien 0839317ea7 tls: parse handshake protocol records in single pass 2 years ago
Victor Julien 9f0ea5e70c sslv2: use version from client hello
Remove streaming code that is now unused.

Incomplete handling makes this record parsing work on full data.
2 years ago
Victor Julien c8d79fb81f ssl: implement 'incomplete' handling for SSLv2 2 years ago
Victor Julien 6076a51511 tls: streaming mode for application records
To avoid overhead of stream buffering for records we don't do
much with anyway, pass through application records instead of
buffering the entire record in the stream engine.
2 years ago
Victor Julien 129fcb5c72 tls: use incomplete API to get full TLS records
The TLS record header is parsed in streaming mode still, but once the
record size is known we tell the app-layer API to give us the full
record.

Ticket: #5481
2 years ago
Victor Julien 2d308c000d github-ci: disable cppclean as it is too noisy
We can reenable it after the larger cleanup efforts are complete.
2 years ago
Gleb Smirnoff 7110ea75c4 ipfw: remove setting of SO_BROADCAST on the divert(4) socket
My review of the FreeBSD kernel code reveals that this setting
a) is ignored by the kernel b) is not required.  The sending
side of divert(4) never checks so->so_options, but always gives
IP_ALLOWBROADCAST to ip_output().
2 years ago
dependabot[bot] 30ce63c50f github-actions: bump ossf/scorecard-action from 1.1.2 to 2.0.3
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.1.2 to 2.0.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ce330fde6b...865b409285)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
Andrei Shchapaniak ee5573c4ee dpdk/i40e: fix warning with number of queues for RSS configuration 2 years ago
Philippe Antoine 390cf9248f detect: adds flow.age keyword
Ticket: #5536
2 years ago
Philippe Antoine ce2775d331 flow/icmpv4: fix vlan.use-for-tracking
For ICMPv4 error messages the vlan ids were always considered,
even if the 'vlan.use-for-tracking' option was disabled.

Ticket: #5330
2 years ago
Sascha Steinbiss 148b53125b ebpf: update deprecated API calls
This fixes build errors when libbpf 1.0 is used. It removes previously
deprecated API functions that were still in use in Suricata's eBPF
code.
2 years ago
Philippe Antoine af40873127 pgsql: config limit maximum number of live transactions
As is done for other protocols

Ticket: #5527
2 years ago
Philippe Antoine e160917bcf mqtt: remove quadratic time complexity
When having many transactions in a single parsing call...

Fix has overhead of having one more field in the mqtt state.

Completes commit a8079dc978

Ticket: #5399
2 years ago
Jeff Lucovsky 63745a7879 detect/tls: Improve tls.fingerprint rule handling
Issue: 4581

This commit improves the runtime performance of rules with
tls.fingerprint by using the inspection logic from tls.cert_fingerprint.
2 years ago
Jeff Lucovsky 6bccd5aa30 detect/uri: Remove unnecessary include
This commit removes an unnecessary #include for detect-uricontent.h
2 years ago
Victor Julien d941703cd8 detect/build: minor code cleanup 2 years ago
Victor Julien 040404b093 detect/profiling: track bytes scanned by prefilter engines 2 years ago
Victor Julien 682e2a07fe detect/tls: add tls.cert_chain_len keyword 2 years ago
Victor Julien 224ba82569 eve/tls: warn on unsupported 'custom' options 2 years ago
Victor Julien dbf3d1e977 tls: make SSLSetEvent a macro to help debugging 2 years ago
Victor Julien 036686e21c etc/schema: clang (re)format 2 years ago
Victor Julien 6e1220700d github-ci: bump cbindgen to 0.24.3
This addresses issues around the AppLayerTxData type.
2 years ago
Victor Julien 0e39c92fcf flow-manager: reduce locks at startup
Effectively busy looping on a mutex to wait for time to be ready.
2 years ago
Victor Julien 19e94e93fa common: move u8_tolower to common header 2 years ago
Victor Julien 18e63d4ede htp: remove user setup from request line callback
This used to be the first callback that was called, but it's not anymore.

Codecov confirmed that this is no longer used and therefore not useful.
2 years ago
Victor Julien faca974f32 ipfw: remove unused func prototype 2 years ago
Victor Julien b9ad1d1260 app-layer: fix compiler warning 2 years ago
Victor Julien e250ef6402 debug: remove empty header 2 years ago
Victor Julien c3c5829f96 reputation: add ipv6 cidr test 2 years ago
Victor Julien e9c4b3719e reputation: fix multiline test 2 years ago
Eric Leblond a9a17c8185 landlock: handle filestore case
If landlock ABI is inferior to 2 (before Linux 5.19) then the
renaming of files is impossible if the protection is enabled. This
patch disables landlock if ABI < 2 and file-store is enabled.

As file store is initialized in output the call to landlock had to be
done after the output initialization.
3 years ago
Eric Leblond 1b24f4d357 doc: document landlock feature 3 years ago
Eric Leblond 485d5a4ea4 landlock: basic implementation
This patch is adding support for Landlock, a Linux
Security Module available since Linux 5.13.

The concept is to prevent any file operation on directories where
Suricata is not supposed to access.

Landlock support is built by default if the header is present. The
feature is disabled by default and needs to be activated in the YAML
to be active.

Landlock documentation: https://docs.kernel.org/userspace-api/landlock.html

Feature: #5479
3 years ago
Philippe Antoine fe91506320 doc/http2: suricata.yaml max-streams parameter
Ticket: #4949
3 years ago
Juliana Fajardini bbd968c738 exceptions: add reject support to exception policy
This enables the usage of 'reject' as an exception policy. As for both
IPS and IDS modes the intended result of sending a reject packet is to
reject the related flow, this will effectively mean setting the reject
action to the packet that triggered the exception condition, and then
dropping the associated flow.

Task #5503
3 years ago
Victor Julien f5bd55dac8 decode/tcp: allow 4 byte TFO with 2 byte cookie 3 years ago
Philippe Antoine 5ef259722b dhcp: adds renewal-time keyword
Ticket: #5507
3 years ago